During the great digital migration of 2020 in response to the pandemic, people did nearly everything online, from attending work and school to shopping and seeing the doctor. Average time spent online more than doubled versus the prior year – a trend that was not lost on bad actors. Cyberattacks involving passwords and usernames increased by 450 percent over 2019, and data breaches involving less than 100 million records increased by 50 percent, according to digital identity services firm ForgeRock. The increasing volume of people impacted by hacks has sparked an uptick in data breach litigation, particularly class actions, helping to propel cybersecurity to the top of the list of concerns keeping business executives up at night.
Types of Data Breaches
Although companies are continuously updating their cybersecurity policies and procedures, data breaches keep growing due to increasingly complex hacking activity. Data breaches takes several forms, with the most common involving unauthorized access, which accounted for 43 percent of all breaches in 2020, according to ForgeRock.
The SolarWinds systems attack was the largest and most sophisticated breach involving unauthorized access. In this case, bad actors inserted a malicious code containing malware into the system’s software updates and distributed them to more than 30,000 customers around the world, including government agencies and Fortune 500 companies. The malware permitted the hackers uncontrolled access to the organizations’ networks.
Phishing attacks were the second most common category, accounting for 25 percent of all hacked records in 2020, up from 14 percent, as hackers took advantage of increased online usage among consumers and remote workers. Malware/ransomware attacks also increased from 10 percent to 17 percent of all hacked records, with healthcare organizations especially vulnerable to demands that a ransom be paid in order to avoid service disruptions that could place patients at risk.
Overall, healthcare organizations were targeted for the most data breaches, followed by the financial, education and technology sectors. Retail accounted for 16 percent of all records compromised, up from 2 percent the prior year. About one-third of the year’s data breaches involved access to dates of birth and Social Security numbers.
The Fallout
The average overall cost of a data breach rose in 2020 by 5.5 percent to $8.64 million. For individuals, stolen personal information is often used by third parties to commit a variety of frauds, including taking out loans, opening financial accounts, obtaining medical services, making credit card purchases and obtaining a driver’s license, among other schemes. Companies who are targeted for a breach incur myriad costs, including lost revenue, high costs for response protocols, and potential fines and lawsuits from impacted customers, employees or others.
Litigation
With data breaches on the rise, data breach lawsuits have grown in number and complexity. During 2021, three dozen major class action lawsuits were filed for cybersecurity issues in the U.S., up from 25 the previous year. Most of these cases allege negligence in failing to exercise reasonable care and protect sensitive client and/or employee data, while asserting claims of future harm as a result of the information lost during the breach.
Consumer credit service Equifax faced a class action lawsuit following a major data breach in September 2017 and, pursuant to a final order approved in 2020, the company accepted liability for customers’ out-of-pocket losses and/or time spend as a result of the breach. An affected customer could also elect to receive a $125 payment as alternative compensation. Other companies affected by mega-breaches have included MGM Resorts, Wawa, American Medical Collection Agency, Capital One, Aetna, Experian and Anthem, among many others.
Looking Ahead
Some hope for future data protection exists with the development of artificial intelligence in the form of modern identity and access management software. This software detects unexpected activity, ensures strong compliance controls and insists on multifactor identification, which reduces data breaches and their related costs.
All of these developments have led to a substantial increase in data breach insurance recovery claims, mostly under cyber insurance policies. In addition, insurance premium costs and application complexities have increased dramatically. The coverage available to protect against data breaches is still good, however, and is worthy of consideration by the business consumer.
If you or your company has an insurance recovery claim affected by a data breach incident, feel free to reach out to us. We make insurance companies keep the promises they made to you.
Contact us today for a free consultation.
Evan S. Schwartz
Founder of Schwartz, Conroy & Hack
833-824-5350
[email protected]